Skip to content

Commit

Permalink
Skip automatically preserved request headers when rewriting (elastic#…
Browse files Browse the repository at this point in the history
…79973)

In elastic#79412 we fixed a bug that request headers got dropped when the
request is sent across to a node of different version. The fix is to
restore all existing request headers during the threadContext rewriting.
However, there are headers that are always automatically preserved by
the ThreadContext infrastructure, e.g. x-opaque-id. This causes failures
when the code tries to re-add the x-opaque-id header since it already
exists. An example of this issue is for CCS where the remote cluster is
often on a different version compared to the local cluster.

Resolves: elastic#79412
  • Loading branch information
ywangd committed Oct 28, 2021
1 parent 272b76b commit 8dcbf1f
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@
import org.elasticsearch.node.Node;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.Authentication.AuthenticationType;
import org.elasticsearch.xpack.core.security.authc.AuthenticationField;
import org.elasticsearch.xpack.core.security.authc.support.AuthenticationContextSerializer;
import org.elasticsearch.xpack.core.security.authc.support.SecondaryAuthentication;
import org.elasticsearch.xpack.core.security.user.User;
Expand Down Expand Up @@ -167,7 +166,7 @@ public void executeAfterRewritingAuthentication(Consumer<StoredContext> consumer
authentication.getLookedUpBy(), version, authentication.getAuthenticationType(),
rewriteMetadataForApiKeyRoleDescriptors(version, authentication)));
existingRequestHeaders.forEach((k, v) -> {
if (false == AuthenticationField.AUTHENTICATION_KEY.equals(k)) {
if (threadContext.getHeader(k) == null) {
threadContext.putHeader(k, v);
}
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext;
import org.elasticsearch.core.List;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.VersionUtils;
import org.elasticsearch.xpack.core.security.SecurityContext;
Expand Down Expand Up @@ -121,8 +122,14 @@ public void testExecuteAfterRewritingAuthentication() throws IOException {
final Authentication original = new Authentication(user, authBy, authBy);
original.writeToContext(threadContext);
final Map<String, String> requestHeaders = org.elasticsearch.core.Map.of(
AuthenticationField.PRIVILEGE_CATEGORY_KEY, randomAlphaOfLengthBetween(3, 10),
randomAlphaOfLengthBetween(3, 8), randomAlphaOfLengthBetween(3, 8)
AuthenticationField.PRIVILEGE_CATEGORY_KEY,
randomAlphaOfLengthBetween(3, 10),
randomAlphaOfLengthBetween(3, 8),
randomAlphaOfLengthBetween(3, 8),
Task.X_OPAQUE_ID,
randomAlphaOfLength(10),
Task.TRACE_ID,
randomAlphaOfLength(20)
);
threadContext.putHeader(requestHeaders);

Expand Down

0 comments on commit 8dcbf1f

Please sign in to comment.